SQL statement in cs file vs Store procedure

I want to create a search funtion in my project, I am using VS 2005 and SQL server 2005.
in my search there is one category that I want to allow users to select mutilply records, so I only thought about two ways of doing this, one is crease a sql statement in my cs file and pass it to sql and run the query. another way is crease a store procedure and pass a parameter in the store procedure and canculate it there. which is the better way of doing this? or is there any other ways? which way is fater? what's the benifit of using either of these two.

Well, you can create a sql statement and pass parameters as well, you don't need a stored procedure for that. I believe, depending on the complexity of the query, that performance is better from a stored proc. If you use parameterized query, security is not issue, but don't don't use concatenated strings for your query as that might cause security issues. I normally use queries in code, but then usually abstract it off into a class of it's own to form a Data Access Layer.

You can do it either way but putting your query into a stored provcedure and passing the parameters to it is much more secure because it greatly reduces your chances of a SQL injection attack which are becoming very common. You also gain some performance benefit by putting your code into a stored procedure. It also just makes your code more manageable and easier to maintain.

shankwheat, I totally agree with your idea, but here comes an example, if I have a query, and it's involove 10 tables, I have 5 places need to use these query, and each of these 5 places are using part of the result. (you just need add different where), and I dont want to create 5 storeprocedures that are similar, because if later I need make a change, it will be lots of work and easy to make mistakes. I also dont want to put it into my cs file because of the security reason, so I dont knowwhat should I do now! I thought about using View in sql, but is that going to affect my speed? because the data from these 10 tables are very large.

i can help you in framing your SP
please provide some sample and required output
what your 10 tables contains and what you are searching for
there might be some possibility of using sys columns to get result faster

In this article we will get to know that how can we recover deleted data if it happens accidently. We really can recover deleted rows if we know the time when data is deleted by using the transaction log.

Look below the covers at a subform control , and the form that is inside it. Explore properties and see how easy it is to aggregate, get statistics, and synchronize results for your data.
A Microsoft Access subform is used to show relevant calcul…